CVE-2019-25452

Name of the Vulnerable Software and Affected Versions Dolibarr ERP/CRM version 10.0.1

Description Dolibarr ERP/CRM version 10.0.1 has an SQL injection issue in the elemid POST parameter of the ''/viewcat.php'' endpoint. Unauthenticated attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to execute arbitrary SQL queries. Attackers can extract sensitive database information using error-based or time-based blind SQL injection techniques.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the ''/viewcat.php'' endpoint. Sanitize the elemid parameter to prevent SQL injection attacks.